Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)

Zeroizing an encryption engine
Zeroizing is the process of erasing all data encryption keys and other sensitive encryption
information in an encryption engine. You can zeroize an encryption engine manually to protect
encryption keys. No data is lost because the data encryption keys for the encryption targets are
stored in the key vault.
You can zeroize an encryption engine only if it is enabled (running) or disabled but ready to be
enabled. If the encryption engine is not in one of these states, an error message displays.
When using a NetApp LKM key vault, if all the encryption engines in a switch are zeroized, the
switch loses the link key required to communicate with the LKM vault. After the encryption engines
are rebooted and re-enabled, you must use the CLI to create new link keys for the switch.
When using an RKM or HP SKM key vault, if all the encryption engines in an encryption group are
zeroized, the encryption group loses the master key required to read data encryption keys from the
key vault. After the encryption engines are rebooted and re-enabled, you must either restore the
master key from a backup copy or generate a new master key and back it up.
Whether you restore the master key from a backup copy or generate a new master key and back it up,
all previously generated DEKs cannot be decrypted unless the original master key used to encrypt
them is restored.
Use the Restore Master key wizard from the Encryption Group Properties dialog box to restore the
master key from a backup copy.
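The master-key dependency described above, as an added illustrative model that is not Brocade code: the key vault holds DEKs wrapped under the encryption group's master key, zeroizing every engine erases the engines' copy of that key, and only restoring the original master key makes the wrapped DEKs readable again. The toy SHA-256 keystream and HMAC wrap, the EncryptionGroup class and the constructed vault contents are assumptions for illustration, not Fabric OS internals.

```python
import hashlib, hmac, secrets

def _keystream(master_key, nonce, length):
    # SHA-256 in counter mode as a toy keystream (a real engine uses a standard key wrap).
    blocks = (hashlib.sha256(master_key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def wrap_dek(master_key, dek):
    """Encrypt-then-MAC the DEK under the master key; blob = nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(dek, _keystream(master_key, nonce, len(dek))))
    return nonce + ct + hmac.new(master_key, nonce + ct, hashlib.sha256).digest()

def unwrap_dek(master_key, blob):
    """Return the DEK, or None when this master key is not the one that wrapped it."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(master_key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(master_key, nonce, len(ct))))

class EncryptionGroup:
    """Engines hold the master key; the key vault holds only DEKs wrapped under it (assumed model)."""
    def __init__(self):
        self.master_key = secrets.token_bytes(32)
        self.backup = self.master_key      # backed up, as the guide recommends
        self.vault = {}                    # constructed vault: target name -> wrapped DEK
    def new_target(self, name):
        dek = secrets.token_bytes(32)
        self.vault[name] = wrap_dek(self.master_key, dek)
        return dek
    def zeroize_all_engines(self):
        self.master_key = None             # every engine zeroized: the master key is erased
    def restore_master_key(self):
        self.master_key = self.backup
    def generate_new_master_key(self):
        self.master_key = self.backup = secrets.token_bytes(32)
    def read_dek(self, name):
        return None if self.master_key is None else unwrap_dek(self.master_key, self.vault[name])

def zeroize_scenario():
    # Walk both recovery paths from the guide and report whether the original DEK is readable.
    g = EncryptionGroup()
    dek = g.new_target("target0")
    g.zeroize_all_engines()
    zeroized = g.read_dek("target0")                 # None: no master key at all
    g.restore_master_key()
    restored = g.read_dek("target0") == dek          # True: original master key is back
    g.generate_new_master_key()
    new_key = g.read_dek("target0")                  # None: old DEK was wrapped under the old key
    return {"zeroized": zeroized, "restored": restored, "new_master_key": new_key}
```

The third result is the point of the guide's caveat: after a new master key is generated, the previously wrapped DEKs in the vault fail authentication and stay unreadable unless the original master key is restored.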
1. Select Configure > Encryption from the menu bar.
The Configure Encryption dialog box displays.
2. Select the encryption engine, and then click Zeroize.
A confirmation dialog box launches, describing the consequences of zeroizing and the actions required to recover.
See “Zeroize” on page 19 for more information about the impact of zeroizing.
3. Initialize the encryption engine.
An automatic power cycle and reboot occurs on the encryption blade and encryption switch.
4. Enable the encryption engine using the Switch Encryption Properties dialog box:
a. Select the encryption engine from the Configure Encryption dialog box.
b. Click the Properties button.
The Switch Encryption Properties dialog box displays.